VBS.LoveLetter.BJ - Removal

Risk Level 2: Low

Updated: February 13, 2007 11:46:44 AM
Also Known As: VBS.LoveLetter.Variant, I-Worm.LoveLetter, VBS/Loveletter@MM, VBS.Plan.D
Type: Worm


To remove this worm:
  1. Delete all .vbs files that are detected as VBS.LoveLetter.BJ.
  2. Delete the Us-president-and-fbi-secrets.htm file from the \Windows folder.
  3. Run Regedit, and delete the following registry keys:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\plan colombia
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LINUX32
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\reload

  4. (Optional) If the Logos.sys and Logow.sys files have been modified, restore them from the original Windows disks.
  5. (Optional) Search all local hard disks for hidden .mp3 and .mp2 files. Remove the hidden attribute from these files.

    NOTE: The overwritten files can be recovered if you were running Norton SystemWorks or Norton Utilities NProtect at the time of infection.
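
Steps 2, 3 and 5 above can be scripted. The PowerShell below is an added example, not part of the original writeup: it assumes the \Windows folder is `$env:windir`, treats each listed Run/RunServices entry as a named value (and also checks for a subkey of that name), and only reports what it finds unless run with the example's own `-Apply` switch.

```powershell
param([switch]$Apply)   # without -Apply the script only reports what it finds

# Step 2: the dropped HTML file in the Windows folder.
$htm = Join-Path $env:windir 'Us-president-and-fbi-secrets.htm'
if (Test-Path -LiteralPath $htm) {
    Write-Output "Found file: $htm"
    if ($Apply) { Remove-Item -LiteralPath $htm -Force }
}

# Step 3: the three autostart entries listed in the writeup.
# Assumption: each entry is a named value under Run / RunServices; a subkey
# of the same name is also checked in case it exists as a key.
$cv = 'HKLM:\Software\Microsoft\Windows\CurrentVersion'
$entries = @(
    @{ Key = "$cv\Run";         Name = 'plan colombia' },
    @{ Key = "$cv\Run";         Name = 'LINUX32' },
    @{ Key = "$cv\RunServices"; Name = 'reload' }
)
foreach ($e in $entries) {
    if (-not (Test-Path -LiteralPath $e.Key)) { continue }
    $props = Get-ItemProperty -LiteralPath $e.Key
    if ($props.PSObject.Properties.Name -contains $e.Name) {
        Write-Output "Found value: $($e.Key)\$($e.Name) = $($props.($e.Name))"
        if ($Apply) { Remove-ItemProperty -LiteralPath $e.Key -Name $e.Name }
    }
    $sub = Join-Path $e.Key $e.Name
    if (Test-Path -LiteralPath $sub) {
        Write-Output "Found key: $sub"
        if ($Apply) { Remove-Item -LiteralPath $sub -Recurse }
    }
}

# Step 5: hidden .mp3 / .mp2 files on local fixed disks.
$roots = [System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.DriveType -eq 'Fixed' -and $_.IsReady } |
    ForEach-Object { $_.RootDirectory.FullName }
foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.mp3', '.mp2' -and
                       ($_.Attributes -band [IO.FileAttributes]::Hidden) } |
        ForEach-Object {
            Write-Output "Hidden media file: $($_.FullName)"
            # The Hidden bit is known to be set here, so XOR clears it.
            if ($Apply) { $_.Attributes = $_.Attributes -bxor [IO.FileAttributes]::Hidden }
        }
}
```

Run it once without `-Apply` from an elevated prompt and review the output before letting it change anything; steps 1 and 4 still need the antivirus scan and the original Windows disks.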


Writeup By: Neal Hindocha